在Python中删除根权限 [英] Dropping Root Permissions In Python

问题描述

我想让一个Python程序开始在端口80上侦听，但是之后在没有root权限的情况下执行.有没有办法删除root或没有它获得端口80?

I'd like to have a Python program start listening on port 80, but after that execute without root permissions. Is there a way to drop root or to get port 80 without it?

推荐答案

没有root特权，您将无法在端口80上打开服务器，这是对OS级别的限制.因此，唯一的解决方案是在打开端口后放弃root特权.

You won't be able to open a server on port 80 without root privileges, this is a restriction on the OS level. So the only solution is to drop root privileges after you have opened the port.

以下是在Python中删除根特权的可能解决方案:删除特权在Python中.通常，这是一个很好的解决方案，但是您还必须在函数中添加os.setgroups([])，以确保不保留root用户的组成员身份.

Here is a possible solution to drop root privileges in Python: Dropping privileges in Python. This is a good solution in general, but you'll also have to add os.setgroups([]) to the function to ensure that the group membership of the root user is not retained.

我稍微复制并清理了一下代码，并删除了日志记录和异常处理程序，以便由您自行处理OSError(当不允许该进程切换其有效UID时将抛出该异常)或GID):

I copied and cleaned up the code a little bit, and removed logging and the exception handlers so it is left up to you to handle OSError properly (it will be thrown when the process is not allowed to switch its effective UID or GID):

import os, pwd, grp

def drop_privileges(uid_name='nobody', gid_name='nogroup'):
    if os.getuid() != 0:
        # We're not root so, like, whatever dude
        return

    # Get the uid/gid from the name
    running_uid = pwd.getpwnam(uid_name).pw_uid
    running_gid = grp.getgrnam(gid_name).gr_gid

    # Remove group privileges
    os.setgroups([])

    # Try setting the new uid/gid
    os.setgid(running_gid)
    os.setuid(running_uid)

    # Ensure a very conservative umask
    old_umask = os.umask(077)

这篇关于在Python中删除根权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！